2.3 Flashcards

Summarize secure application development, deployment, and automation concepts.

1
Q

Most organizations have multiple, separate __________ designed to provide isolation between the functions of development, test, staging, and production.

A

Environment

2
Q

Is a type of environment that is sized, configured, and set up for developing applications and systems.

A

Development environment

3
Q

Is a type of environment that is used to test a system fully prior to deploying it into production to ensure that it is bug-free and will not disrupt the production environment.

A

Test environment

4
Q

Is an optional environment, but it is commonly used when an organization has multiple production environments. Primary purpose is to serve as a sandbox after testing, so the test system can test the next set while the current set is deployed across the enterprise.

A

Staging environment

5
Q

Is a type of environment where the systems work with real data, doing the business that the system is intended to perform.

A

Production environment

6
Q

Is a common step in any manufacturing process that ensures the delivery of high-quality software or IT systems. The primary goal of this step is to verify and validate that a product or system meets specified requirements and adheres to established standards.

A

Quality assurance (QA)

7
Q

Is the process of assigning permissions or authorities to objects. Users can be provisioned into groups, and computer processes or threads can be provisioned to higher levels of authority when executing.

A

Provisioning

8
Q

Is the removal of permissions or authorities.

A

Deprovisioning

9
Q

Refers to the process of verifying and ensuring the integrity of software, systems, or data.

A

Integrity measurement

10
Q

Refers to organizing data to minimize redundancy and dependency. It helps in preventing anomalies and inconsistencies in data, which can be exploited by attackers.

A

Normalization

11
Q

These are precompiled SQL queries stored on the database server. They enhance security by allowing the database to execute specific tasks without exposing the underlying code to potential attackers.

A

Stored procedures

12
Q

This involves intentionally making code or data unclear. It’s used to deter and thwart attackers attempting to analyze or exploit the system.

A

Obfuscation/camouflage

13
Q

Involves leveraging existing code for new purposes, which can introduce security risks if the reused code contains vulnerabilities.

A

Code reuse

14
Q

Refers to code that is no longer used but still present in the system, which can create security holes if not properly managed.

A

Dead code

15
Q

Critical value checks or security checks should be performed on the ___________-side.

A

Server-side

16
Q

Critical value checks or security checks should not be performed on the ___________-side.

A

Client-side

17
Q

Involves allocating and deallocating memory resources efficiently to prevent memory-related vulnerabilities like buffer overflows.

A

Memory management

18
Q

Software developers use packaged sets of software programs and tools called __________ to create apps for specific vendor platforms.

A

software development kits (SDKs)

19
Q

Is the loss of control over data from a system during operations.

A

Data exposure

20
Q

An organization that provides resources, tools, and guidelines for improving web application security.

A

Open Web Application Security Project (OWASP)

21
Q

Software that translates source code into machine code or executable code.

A

Compiler

22
Q

Executable machine code that computers can directly execute. 1’s and 0’s.

A

Binary

23
Q

Involves using ________________ to perform repetitive tasks.

A

Automation/scripting

24
Q

Predefined responses or actions triggered automatically by security events or alerts.

A

Automated courses of action

25
Q

Term used to describe the technologies and processes employed to enable rapid detection of compliance issues and security risks.

A

Continuous monitoring

26
Q

Regularly verifying that code is secure and compliant with security policies and standards.

A

Continuous validation

27
Q

Continually updating and improving the production codebase.

A

Continuous integration

28
Q

Is a natural extension of continuous integration. Allows new changes to production to be released quickly and sustainably.

A

Continuous delivery

29
Q

Is continuous delivery on autopilot. It goes one step further than continuous delivery in that the release is automatic.

A

Continuous deployment

30
Q

Is the characteristic that something is capable of change without breaking.

A

Elasticity

31
Q

Is the characteristic of a software system to process higher workloads on its current resources (scale up) or on additional resources (scale out) without interruption.

A

Scalability

32
Q

The practice of tracking and managing changes to software code and configuration files.

A

Version control